<?php
session_start();
/*
 * Session variables:
 * $_SESSION['type'] [string] = user type of the logged in user
 * $_SESSION['authorised'] [boolean] = whether or not the current user is logged in
 */
if(isset($_SESSION['authorised']) && $_SESSION['authorised'] == true)
{   
    if(isset($_SESSION['type']))
    {
        if($_SESSION['type'] == 'administrator')
        {
			$building_name=strtoupper(addslashes(pg_escape_string($_POST['building_name'])));
			$stadd1=strtoupper(addslashes(pg_escape_string($_POST['street_add1'])));
			$stadd2=strtoupper(addslashes(pg_escape_string($_POST['street_add2'])));
			$city=strtoupper(addslashes(pg_escape_string($_POST['city_add'])));
			$province=strtoupper(addslashes(pg_escape_string($_POST['province'])));
			$zip_code=addslashes(pg_escape_string($_POST['zip_code']));
			$num_floors=addslashes(pg_escape_string($_POST['num_floors']));
			$contact_num=addslashes(pg_escape_string($_POST['contact_num']));
			$building_id=$_SESSION['edit_building'];
        	
			include('connection.inc');
            
                $sql="update buildings set building_name='$building_name', num_floors='$num_floors', zipcode='$zip_code', contactnum='$contact_num', province='$province', city_or_town='$city',  stadd1='$stadd1',  stadd2='$stadd2' where building_id=$building_id";
				$result=pg_query($sql);
				header('Location: admin_managebuildings.php');
				exit();
        }
        elseif($_SESSION['type'] == 'student')
        {
            header('Location: student_index.php');
            exit();
        }
        elseif($_SESSION['type'] == 'tutor')
        {
            header('Location: tutor_index.php');
            exit();
        }
        elseif($_SESSION['type'] == 'parent')
        {
            header('Location: parent_index.php');
            exit();
        }
    }
}
else
{
    header('Location: index.php');
}
?>
